Privacy & Security
Nurse’s bid for re-instatement denied
November 4, 2015
SIMCOE, Ont. – A registered nurse who was fired for snooping into the records of patients at the Norfolk General Hospital had her request for re-instatement turned down in October, after the arbitrator ruled the hospital had just cause for firing her.
Nancy Oliveira, a registered nurse in the hospital’s intensive care unit, was dismissed in March 2013 after a former patient complained that members of the community seemed to know details about her medical condition.
An audit by the hospital revealed Oliveira had inappropriately looked at patient records dating back to 2004. She had worked in the ICU since 2001.
NGH spokesperson Gerry Hamill repeated the hospital’s claim that no one’s information was sold or used for other purposes. “It was looking at records for the sake of looking at records,” Hamill told the Simcoe Reformer.
According to the arbitrator’s judgment, Oliveira looked at 500 patient records inappropriately in the year before she was let go.
The allegation made by the former patient, arbitrator Lyle Kanee noted, “was never proven and the hospital does not rely on it in support of its decision to terminate (Oliveira).” However, the complaint prompted the audit, which found the wrongdoing, he wrote.
When Oliveira testified at the arbitration hearing, she denied improperly or unnecessarily accessing medical records, the judgement said, while her union contended that the hospital’s rules over privacy and confidentiality were “vague and conflicting.”
Kanee, however, ruled that NGH had “just cause” to fire Oliveira.
Oliveira could face further sanctions from the College of Nurses of Ontario. She was scheduled to have a disciplinary hearing with the college. Her first date was set for Nov. 2. Another nine dates are set for January and February.
Since the nurse was let go, NGH has “much improved” its audit system, Hamill said, and ongoing education is provided to staff on when to look up records and when not to.
“Staff are fully aware of when it shouldn’t be done,” Hamill said. “If you don’t have a reason (to look at the records), why are you there. And if you are there and you don’t have a reason, you know the consequences.”
An online article posted by Article by Roberto Ghignone, a lawyer with Borden Ladner Gervais, contained further details:
The Ontario Nurses’ Association grieved the nurse’s termination. Arbitrator Lyle Kanee heard the grievance and rendered his decision on September 22, 2015. He was required to decide two issues:
- Did the Hospital have just cause to discipline the nurse?; and
- Was the penalty of termination appropriate?
Throughout the process, the grievor argued that she had professional reasons for accessing all the patient records and denied that any of her accesses were either unnecessary or improper. The union argued that the hospital lacked just cause to discipline her for a number of reasons including that the hospital:
- Misinterpreted the requirements of the Personal Health Information Protection Act, 2005 (“PHIPA”); and
- Failed to properly educate staff on the confidentiality of health information.
The hospital has used an electronic health records system supplied by Meditech since 2004. All users are required to login using a unique username and password. Each nurse, including the grievor, had to sign a Confidentiality Pledge to access the system.
In the Confidentiality Pledge, users were required to agree “to never access information for which I have no professional need” and “to adhere to discipline specific professional standards related to confidentiality in an electronic environment.”
Did the hospital have just cause to discipline?
The union argued that PHIPA, when properly interpreted, allows nurses to access the personal health information of patients for educational purposes. The nurse testified that this was the primary reason she accessed the records of patient she wasn’t providing care to.
Specifically, the union argued that as an agent of the hospital, the grievor was permitted to use personal health information for the same purposes the hospital is able to under section 37 of PHIPA. Under this section, the hospital, amongst other uses, is permitted to use personal health information for the purpose of risk management and for educating agents.
Arbitrator Kanee rejected this argument. He found that under PHIPA agents are only permitted to access personal health information for educational purposes if the hospital explicitly allows them to do so. The hospital did not; its manual clearly states that:
Each clinician is professionally accountable for only accessing the records of patients under his/her care.
Further, the arbitrator found that the professional standards imposed by the College of Nurses clearly require nurses to limit their access to the records of patients that they are caring for.
The union also argued that the hospital failed to adequately educate staff about patient confidentiality and appropriate use of the electronic record. The arbitrator found that the hospital had “failed in its responsibility to train and educate nurses.”
The hospital and its staff have a joint responsibility to ensure that patient confidentiality is respected. Although, the hospital had policies addressing this issue and provided training to the grievor when it introduced the electronic records system, the arbitrator found that “no further training or education was provided on these important concerns in the next nine years of the grievor’s employment.”
At the same time, however, the arbitrator found nurses are required to be aware of and inform themselves about the requirements of PHIPA, hospital policies, and the standards of their College. While the lack of education may mitigate some of the accesses, “the grievor knew or ought to have known that she was violating the privacy rights of patients” to the extent that she did.
The Arbitrator concluded that the grievor had accessed a large number of patient records without any professional need or reason and that discipline was appropriate.
Was termination appropriate?
The arbitrator was required to consider whether there were “compelling circumstances” that would justify imposing a penalty less than termination. This required the arbitrator to consider the number of improper accesses, whether the nurse had consent to access the records of friends or family, and whether the nurse showed remorse, and had acknowledged the wrongdoing.
The arbitrator upheld the termination. He was influenced by the large number of improper access, over 500, which the nurse had made in the year prior to her termination. Her actions also had a negative impact on the hospital and its reputation and required it to undertake a lengthy and costly audit. Lastly, he found that the grievor did not accept responsibility for the majority of the improper accesses.
The circumstances of this case allowed the arbitrator to uphold the termination even though he had some concerns about the privacy practices within the hospital and its failure to provide ongoing education to staff. In other cases, a lack of education could be seen as mitigating a small number of improper accesses. As such, hospitals should ensure that staff receives regular updates and training reminding them of their obligations to patient confidentiality and the appropriate uses of the electronic health record.
The decision also highlights the importance of having a policy in respect of patient confidentiality that clearly sets out in what circumstances a hospital staff member may or may not access patient records.